Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/4e5572-a84a-4c9f-9cb1-fe0a1d00b209/1/Gl_vAnBQzpsQQ_z58IQem4sBvxY.roa
File:                     Gl_vAnBQzpsQQ_z58IQem4sBvxY.roa (raw, json)
Hash identifier:          lOitri7pAEGVH7ShfCFp4NwDW2W+GPMh6msAMdjaeNw=
Subject key identifier:   1A:5F:EF:02:70:50:CE:9B:10:43:FC:F9:F0:84:1E:9B:8B:01:BF:16
Certificate issuer:       /CN=4bcda230967cff2ede2177f2d332af0acb7e50bc
Certificate serial:       019242DD8D0645024824E9975727DA0536EB
Authority key identifier: 4B:CD:A2:30:96:7C:FF:2E:DE:21:77:F2:D3:32:AF:0A:CB:7E:50:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/S82iMJZ8_y7eIXfy0zKvCst-ULw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/4e5572-a84a-4c9f-9cb1-fe0a1d00b209/1/Gl_vAnBQzpsQQ_z58IQem4sBvxY.roa
Signing time:             Mon 30 Sep 2024 12:17:48 +0000
ROA not before:           Mon 30 Sep 2024 12:17:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214193
IP address blocks:        82.115.32.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/62/4e5572-a84a-4c9f-9cb1-fe0a1d00b209/1/S82iMJZ8_y7eIXfy0zKvCst-ULw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/62/4e5572-a84a-4c9f-9cb1-fe0a1d00b209/1/S82iMJZ8_y7eIXfy0zKvCst-ULw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/S82iMJZ8_y7eIXfy0zKvCst-ULw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:42:dd:8d:06:45:02:48:24:e9:97:57:27:da:05:36:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4bcda230967cff2ede2177f2d332af0acb7e50bc
        Validity
            Not Before: Sep 30 12:17:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1a5fef027050ce9b1043fcf9f0841e9b8b01bf16
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:79:33:56:39:a5:59:ca:72:55:ad:8a:65:62:
                    4e:88:0a:f3:83:0a:4f:76:d0:27:fb:cf:8b:00:62:
                    d7:0d:67:a4:0b:69:ce:e0:ce:bb:66:c3:c3:f5:01:
                    64:2b:66:c2:40:5c:06:77:62:3d:68:50:59:0e:59:
                    1f:a5:ec:46:9f:1d:65:32:52:38:3a:0e:dd:bc:be:
                    09:71:cc:13:44:19:3f:00:27:d6:fb:76:7b:55:8c:
                    7a:d5:e4:ca:5b:0f:52:f9:fd:78:38:b2:18:fb:79:
                    71:98:e7:27:74:8d:53:44:c4:47:5d:ef:ed:1f:26:
                    ad:62:7e:2a:e6:8a:bd:75:77:3d:eb:73:ac:5f:38:
                    6c:70:30:b0:6d:d5:37:d1:a8:a6:2f:10:e2:23:96:
                    6d:2a:cc:95:a9:41:be:f5:90:37:4a:17:f3:cd:b7:
                    cb:1d:fd:ea:8b:b8:93:55:88:77:ae:af:29:c7:cf:
                    28:d6:57:a0:af:9d:95:46:23:f3:24:c0:9b:a4:32:
                    93:a3:c8:0e:0f:e1:db:0a:a3:fe:3a:e5:a2:c2:6c:
                    5a:61:64:f6:21:fe:89:0c:45:f4:3d:11:3b:d7:a4:
                    ea:b7:14:88:48:d0:d1:38:64:94:10:52:ee:b6:ba:
                    64:25:37:6a:86:b3:e4:b4:40:34:b7:0c:7e:61:26:
                    63:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:5F:EF:02:70:50:CE:9B:10:43:FC:F9:F0:84:1E:9B:8B:01:BF:16
            X509v3 Authority Key Identifier:
                keyid:4B:CD:A2:30:96:7C:FF:2E:DE:21:77:F2:D3:32:AF:0A:CB:7E:50:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/S82iMJZ8_y7eIXfy0zKvCst-ULw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/4e5572-a84a-4c9f-9cb1-fe0a1d00b209/1/Gl_vAnBQzpsQQ_z58IQem4sBvxY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/4e5572-a84a-4c9f-9cb1-fe0a1d00b209/1/S82iMJZ8_y7eIXfy0zKvCst-ULw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.115.32.0/22

    Signature Algorithm: sha256WithRSAEncryption
         47:8f:7d:26:15:f8:76:f4:72:1e:c2:d1:8f:e7:ce:83:62:a2:
         cd:4d:f8:2d:bb:a6:20:31:e7:28:71:ec:cd:af:c9:d9:f1:7d:
         c9:b7:24:2f:14:b8:72:81:83:a5:c7:fe:b2:59:65:9c:ec:ec:
         63:93:76:a7:73:24:77:4d:20:13:d3:06:13:47:07:0d:27:c0:
         88:70:10:44:11:4a:14:8c:cf:a6:66:ab:4f:91:ea:7e:8c:6b:
         f8:8b:7f:e9:f5:82:f0:a3:de:5e:3d:69:ec:a3:3a:f0:ee:09:
         9c:38:3a:32:92:48:9a:8c:52:e1:33:49:0c:8f:da:47:90:01:
         5d:e5:11:1e:e7:c1:38:7a:6e:49:ad:ca:8f:80:82:95:b1:d7:
         35:7e:a0:93:ff:4c:ab:33:e5:7d:c3:4e:5e:2f:65:2f:9f:74:
         a7:a7:c0:11:59:57:69:78:12:76:f9:3d:11:eb:78:ab:1b:e6:
         48:27:93:80:74:44:92:48:e6:0a:8e:ab:3d:0a:6f:aa:96:59:
         70:e6:c0:bf:13:70:d7:02:53:d2:df:54:4d:de:f4:aa:2a:9c:
         59:07:99:de:14:b3:41:e1:b4:ac:58:88:88:64:33:77:1f:ee:
         af:72:c6:97:17:56:b5:a4:de:b8:d3:b5:2e:64:18:f4:e3:fa:
         ef:b2:7c:03
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZJC3Y0GRQJIJOmXVyfaBTbrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRiY2RhMjMwOTY3Y2ZmMmVkZTIxNzdmMmQzMzJhZjBhY2I3
ZTUwYmMwHhcNMjQwOTMwMTIxNzQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYTVmZWYwMjcwNTBjZTliMTA0M2ZjZjlmMDg0MWU5YjhiMDFiZjE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApnkzVjmlWcpyVa2KZWJOiArzgwpP
dtAn+8+LAGLXDWekC2nO4M67ZsPD9QFkK2bCQFwGd2I9aFBZDlkfpexGnx1lMlI4
Og7dvL4JccwTRBk/ACfW+3Z7VYx61eTKWw9S+f14OLIY+3lxmOcndI1TRMRHXe/t
HyatYn4q5oq9dXc963OsXzhscDCwbdU30aimLxDiI5ZtKsyVqUG+9ZA3ShfzzbfL
Hf3qi7iTVYh3rq8px88o1legr52VRiPzJMCbpDKTo8gOD+HbCqP+OuWiwmxaYWT2
If6JDEX0PRE716TqtxSISNDROGSUEFLutrpkJTdqhrPktEA0twx+YSZjxwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBpf7wJwUM6bEEP8+fCEHpuLAb8WMB8GA1UdIwQY
MBaAFEvNojCWfP8u3iF38tMyrwrLflC8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUzgyaU1KWjhfeTdlSVhmeTB6S3ZDc3QtVUx3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi80ZTU1NzItYTg0YS00YzlmLTljYjEt
ZmUwYTFkMDBiMjA5LzEvR2xfdkFuQlF6cHNRUV96NThJUWVtNHNCdnhZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi80ZTU1NzItYTg0YS00YzlmLTljYjEtZmUwYTFkMDBiMjA5
LzEvUzgyaU1KWjhfeTdlSVhmeTB6S3ZDc3QtVUx3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCUnMgMA0G
CSqGSIb3DQEBCwUAA4IBAQBHj30mFfh29HIewtGP586DYqLNTfgtu6YgMecocezN
r8nZ8X3JtyQvFLhygYOlx/6yWWWc7Oxjk3ancyR3TSAT0wYTRwcNJ8CIcBBEEUoU
jM+mZqtPkep+jGv4i3/p9YLwo95ePWnsozrw7gmcODoykkiajFLhM0kMj9pHkAFd
5REe58E4em5JrcqPgIKVsdc1fqCT/0yrM+V9w05eL2Uvn3Snp8ARWVdpeBJ2+T0R
63irG+ZIJ5OAdESSSOYKjqs9Cm+qlllw5sC/E3DXAlPS31RN3vSqKpxZB5neFLNB
4bSsWIiIZDN3H+6vcsaXF1a1pN6407UuZBj04/rvsnwD
-----END CERTIFICATE-----